Proposing SELinux support in strace

Renaud Métrich rmetrich at redhat.com
Wed Mar 10 09:42:21 UTC 2021


Hello,

Please find the latest patch attached. PR's build is green.

Renaud.

On 3/8/21 5:12 PM, Renaud Métrich wrote:
>
> Hello,
>
> Please check the newer code on github 
> (https://github.com/strace/strace/pull/121), I consider it's complete now.
>
> The "*CI / coverage*" and "*CI / clang10-x86_64-dw (pull_request)*" 
> fail because of a test not related to the change (*pidns-cache.test* 
> taking too much time).
>
> Renaud.
>
> On 3/5/21 3:18 PM, Dmitry V. Levin wrote:
>> On Fri, Mar 05, 2021 at 03:04:47PM +0100, Renaud Métrich wrote:
>>> Dear all,
>>>
>>> I reworked the code and created some unit tests. (PR
>>> https://github.com/strace/strace/pull/121)
>>>
>>> Unfortunately I'm not able to build correctly under the CI for several
>>> reasons:
>>>
>>> - code coverage breaks because the CI system has no SELinux labels,
>>> hence the new code is not covered
>> Unfortunately, github actions don't enable some Linux features.
>> For example, they have no kvm support.
>> But I think you can collect the coverage locally, publish it somewhere,
>> and post the link here.
>>
>>> - compilation with -m32 fails because there is no suitable selinux
>>> library for 32bits apparently
>>>
>>> e.g.
>>>
>>> 2021-03-05T13:17:54.4436301Z gcc-10 -Wall -Wempty-body -Wformat-security
>>> -Wignored-qualifiers -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op
>>> -Wmissing-parameter-type -Wnested-externs -Wold-style-declaration
>>> -Wold-style-definition -Woverride-init -Wsign-compare -Wtype-limits
>>> -Wwrite-strings -Werror -g -O2 -DMPERS_IS_m32 -m32  -o chmod--secontext
>>> chmod--secontext.o -lselinux libtests.a
>>> 2021-03-05T13:17:54.4515828Z /usr/bin/ld: skipping incompatible
>>> /usr/lib/x86_64-linux-gnu/libselinux.a when searching for -lselinux
>>> 2021-03-05T13:17:54.4517295Z /usr/bin/ld: cannot find -lselinux
>>> 2021-03-05T13:17:54.4518771Z /usr/bin/ld: skipping incompatible
>>> /usr/lib/x86_64-linux-gnu/libselinux.so when searching for -lselinux
>>> 2021-03-05T13:17:54.4520200Z /usr/bin/ld: skipping incompatible
>>> /usr/lib/x86_64-linux-gnu/libselinux.a when searching for -lselinux
>>> 2021-03-05T13:17:54.4521300Z /usr/bin/ld: cannot find -lselinux
>>> 2021-03-05T13:17:54.4522032Z collect2: error: ld returned 1 exit status
>>>
>>> I have no idea what needs to be done to fix this. All I see is configure
>>> enables selinux support because the 64bit lib is installed, but
>>> apparently not the 32bit one.
>> I suggest to implement something in m4/mpers.m4, similar to the way
>> AC_CHECK_SIZEOF is used there, so that selinux tests could be enabled per
>> mpers depending on the runtime availability.
>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Print-SELinux-contexts-when-enabling-secontext-full-.patch
Type: text/x-patch
Size: 83991 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20210310/3f9dc6e9/attachment.bin>